US8761170B2 - Communication device, communication method, integrated circuit, and program - Google Patents
Communication device, communication method, integrated circuit, and program Download PDFInfo
- Publication number
- US8761170B2 US8761170B2 US13/512,902 US201113512902A US8761170B2 US 8761170 B2 US8761170 B2 US 8761170B2 US 201113512902 A US201113512902 A US 201113512902A US 8761170 B2 US8761170 B2 US 8761170B2
- Authority
- US
- United States
- Prior art keywords
- port number
- packet
- determination
- nat
- port
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2521—Translation architectures other than single NAT servers
- H04L61/2532—Clique of NAT servers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
Definitions
- the present invention relates to a communication device, a communication method, an integrated circuit, and a program for communicating from a Wide Area Network (WAN) side beyond a network relay device which has a Network Address Translation (NAT) function.
- WAN Wide Area Network
- NAT Network Address Translation
- IPv4 Internet Protocol version 4
- NAT device a network configuration using a private IP address and a router having the NAT function (hereafter referred to as NAT device) is widely used such that a plurality of devices whose number exceeds the number of available global IP addresses can simultaneously communicate with a device on the Internet.
- the private IP address is an IP address for use in a closed (private) network such as a network device debugging and within businesses, although it cannot be used as a source IP address and a destination IP address of a packet on the global Internet.
- the NAT device is a network relay device which holds a Network Address Translation (NAT) function of performing a mutual conversion between a global IP address and a private IP address.
- NAT Network Address Translation
- NAT is used by including a meaning of Network Address Port Translation (NAPT) which also performs a port translation.
- NAPT Network Address Port Translation
- NAT function will be described with reference to FIG. 1 .
- a communication packet bound for a communication device 104 on its own Wide Area Network (WAN) side are transmitted from a communication device 101 on its own Local Area Network (LAN) side
- a NAT device 102 as the NAT function, has a function of transferring the communication packet to an upper level network (Internet 103 ).
- the NAT device 102 in the transfer, rewrites the source IP address and the source port of the communication packet into a WAN-side IP address of the NAT device 102 itself and a newly assigned port number, respectively. Then, a reply packet which returns as a reply, after a rewrite of the destination IP address and the port number by the NAT device 102 according to an address translation table 105 , is transferred to the communication device 101 .
- the NAT device 102 having an IP address of “10.0.0.1” on the WAN side receives a packet bound for an 80 port of a destination IP address of “10.0.0.2” transmitted from a 10000 port of the communication device 101 having an IP address of “192.168.0.2”.
- the NAT device 102 On the receiving of the packet, the NAT device 102 , with reference to the address translation table 105 , first checks whether or not the source IP address and the source port of the received packet already exist in the address translation table 105 . As a result, in the case where there are no corresponding data in the address translation table 105 , an address translation table 105 is newly generated.
- the source port number to be used for newly generating the address translation table 105 may be any port number as long as the number is not used for another address translation.
- the NAT device 102 After newly generating the address translation table 105 , the NAT device 102 , according to the generated address translation table 105 , rewrites “192.168.0.2” which is the source IP address and the source port number “10000” of the received packet into an IP address of “10.0.0.1” and a port number “20000,” respectively, and then transmits the packet to the communication device 104 having an IP address of “10.0.0.2”.
- the NAT device 102 refers to the address translation table 105 and then rewrites “10.0.0.1” which is the destination IP address and “20000” which is the destination port number into an IP address of “192.168.0.2” and a port number “10000,” respectively.
- the communication device 101 can communicate with the communication device 104 without the influence of the address translation performed in the NAT device 102 , can transmit information with respect to the communication device 104 , and can obtain information from the communication device 104 .
- a criterion for newly assigning a port number in an address translation of the NAT function or a port number issuance rule is different for each product.
- the criterion for assigning a port number in an address assignment of the NAT function is mainly classified into three kinds and the port number issuance rule is also mainly classified into three kinds.
- FIG. 2 shows a criterion classification for assigning a port of the NAT function.
- FIG. 2 shows, in (1), an assignment criterion classification called a Cone type which is a classification for always assigning the same port in the address translation regardless of whether destination IP addresses of a server A, a server B, and the like that are communication partners and a destination port belongs to a port p or a port q.
- a Cone type which is a classification for always assigning the same port in the address translation regardless of whether destination IP addresses of a server A, a server B, and the like that are communication partners and a destination port belongs to a port p or a port q.
- FIG. 2 shows, in (2), a port assignment criterion classification called an Address Sensitive type which is a port assignment criterion classification which changes an assigned port according to the destination IP addresses of the server A and the server B that are communication partners.
- an Address Sensitive type which is a port assignment criterion classification which changes an assigned port according to the destination IP addresses of the server A and the server B that are communication partners.
- the same port is always assigned in the address translation without depending on whether the destination port of the communication partner is the port p or the port q.
- FIG. 3 shows a port number issuance rule classification of the NAT function.
- FIG. 3 shows, in (1), a port number issuance rule classification called a Port Reuse type which is a classification for assigning, also to the NAT device, the same port as a source port number of a communication packet transmitted by a terminal. It should be noted that another port is assigned in the case where a port is already used in the address translation table of the NAT device.
- FIG. 3 shows, in (2), a port number issuance rule classification called a Sequential type and shows a case where each of the three communication packets, from the terminal, is sequentially transmitted with the use of a 1 port, a 3 port, and a 5 port as a source port.
- a port number issuance rule classification called a Sequential type
- the interval between the adjacent port numbers is different for each product.
- the NAT function of the NAT device from a standpoint of security, has a function of filtering based on a source IP address or a port number of a communication packet that comes from the WAN side.
- the network configuration using the private IP address and the NAT device allows the terminal to directly communicate with another device on the Internet.
- NAT traversal This is generally called “NAT traversal”.
- the NAT traversal is performed by using a NAT device corresponding to an Internet Gateway Device (IGD) of Universal Plug and Play (UPnP) which is disclosed in Non Patent Literature 1 or using a NAT device corresponding to NAT Port Mapping Protocol (NAT-PMP), or Simple Traversal of UDP through NATs (STUN) which is disclosed in Non Patent Literature 2.
- IGD Internet Gateway Device
- UDP Universal Plug and Play
- STUN Simple Traversal of UDP through NATs
- STUN can correspond to many NAT devices by using an external server.
- communication packets are blocked by the filtering function of the NAT device and the NAT traversal cannot be performed.
- the method using STUN is inferior in certainty to the method using UPnP.
- Patent Literature 1 discloses a method for enhancing a connection rate, by exchanging, between terminals via an external server, NAT classification determination result information of the NAT device and information about the presence or absence of UPnP compatibility, and by then performing the NAT traversal using STUN, the NAT traversal using the IGD of UPnP or NAT Port Mapping Protocol (NAT-PMP), or the like, even in the multilayer NAT environment in which there are two or more NAT devices between the external server and the terminals.
- NAT-PMP NAT Port Mapping Protocol
- the technique disclosed in PTL1 can perform NAT traversal with UPnP only in the case where in the multilayer NAT environment having two or more NAT devices, all the NAT devices correspond to the IGD of UPnP and the like. In other words, in the case where there is even one NAT device not corresponding to the IGD of UPnP and the like, NAT traversal with STUN is performed.
- the scope of UPnP application is small and the NAT traversal by STUN is mainly applied as a result, and therefore there is a problem that an effect of an increase in the connection rate in the multilayer NAT environment is limited.
- a Large Scale NAT (LSN) is considered for an Internet Service Provider (ISP) to set up a NAT device with the NAT function on an ISP level at a facility within the ISP management or a similar device and to assign a private IPv4 address to each of the service users. Therefore, the number of multilayer NAT environments will be increased in the future.
- ISP Internet Service Provider
- the LSN device is a device managed by the ISP and is not considered to support control from the user terminals. In other words, a possibility is estimated to be extremely low that NAT traversal using a port mapping setting by the IGD of UPnP and the like can be applied.
- an ISP NAT device 202 and an ISP NAT device 207 correspond to the above described LSN device.
- a case is assumed where P2P communication is performed between a terminal device 206 under control of the ISP NAT device 202 and a terminal device 209 under control of the ISP NAT device 207 .
- the LSN devices ISP NAT devices 202 and 207 ) each are not equipped with a port mapping setting function such as the IGD of UPnP, with a result that NAT traversal using a STUN server 201 is forced to be performed.
- connection cannot be performed by a combination of the NAT device 205 and a NAT device 208 there are many cases where the NAT traversal cannot be performed.
- the LSN device does not support the control from the user and therefore the NAT traversal cannot be performed.
- the availability of the NAT traversal is varied. In other words, this means that considered from a user point of view, there are a partner with who can perform P2P communication and a partner with who cannot perform P2P communication even if the partners hold the same terminals which can perform P2P communication.
- the present invention has an object to provide a communication device, a communication method, an integrated circuit, and a program which can easily establish NAT traversal communication in the multilayer NAT environment which includes a NAT device having no port mapping setting function such as the IGD of UPnP and the like.
- a communication device is a communication device which communicates with a server device connected to the Internet, via (i) an upper layer Network Address Translation (NAT) device connected to the Internet and (ii) a lower layer NAT device connected to the upper layer NAT device, the communication device comprising: a connection environment check unit configured to collect information indicating a Local Area Network (LAN)-side Internet Protocol (IP) address of the upper layer NAT device and information indicating a Wide Area Network (WAN)-side IP address of the lower layer NAT device; a determination purpose port mapping command unit configured to issue a port mapping command for the lower layer NAT device to transfer a packet to the communication device, the packet arriving at a predetermined port number of the lower layer NAT device; a determination packet generation unit configured to generate a determination packet which is source-routed, the determination packet generation unit including: a relay destination determination unit configured to determine, as a relay destination of the determination packet, the LAN-side IP address of the upper layer NAT device collected by the connection environment check unit; a
- a source port number can be obtained after translation by the lower layer NAT device in the case where a packet is transmitted by the communication device according to the present aspect.
- information is obtained for identifying a port number of the WAN side used in the lower layer NAT device in a subsequent upstream transmission from the communication device.
- the lower layer NAT device it is possible for the lower layer NAT device to be set such that a packet which arrives at the port number on the WAN side is transferred to the communication device. With this, other devices connected to the Internet can be made to access the communication device by a traversal of the lower layer NAT device.
- a communication device may further include a NAT traversal information notification unit configured to cause the server device to notify NAT traversal information to an other communication device communicating with the server device, by transmitting a notification request packet to the server device with use of a same source port number as the source port number of the determination packet generated by the determination packet generation unit, wherein the NAT traversal information may include the WAN-side IP address and the WAN-side port number of the upper layer NAT device which are indicated in the notification request packet received by the server device.
- a communication device may further include a port number issuance rule identification unit configured to identify a port number issuance rule which is a rule for determining a WAN-side port number used for communication in the lower layer NAT device, wherein the determination packet transmitting unit may be configured to transmit a plurality of determination packets including the determination packet, the determination packet receiving unit may be configured to receive the determination packets transmitted by the determination packet transmitting unit, the port number obtainment unit may be configured to obtain the WAN-side port number of the lower layer NAT device which is indicated in each of the determination packets received by the determination packet receiving unit, and the port number issuance rule identification unit may be configured to identify the port number issuance rule based on a plurality of WAN-side port numbers including the WAN-side port number obtained by the port number obtainment unit.
- identification of a port number issuance rule of the lower layer NAT device can be efficiently performed.
- the efficient obtainment of information used for performing the NAT traversal by another communication device becomes possible.
- a communication device may further include a NAT traversal purpose port determination unit configured to (i) determine, as a NAT traversal purpose port number, a WAN-side port number used by the lower layer NAT device for transferring a packet transmitted next from the communication device, and (ii) determine a source port number of a notification request packet corresponding to the NAT traversal purpose port number, the WAN-side port number being identified with use of a port number issuance rule identified by the port number issuance rule identification unit; a NAT traversal purpose port mapping command unit configured to issue a port mapping command for the lower layer NAT device to transfer a packet to the communication device, the packet arriving at a NAT traversal purpose port number determined by the NAT traversal purpose port determination unit; and a NAT traversal information notification unit configured to cause the server device to notify NAT traversal information to an other communication device communicating with the server device, by transmitting the notification request packet to the server device with use of a source port number determined by the NAT traversal
- the determination packet transmitting unit may be configured to transmit the determination packets having mutually different source port numbers
- the port in number issuance rule identification unit may be configured to identify the port number issuance rule according to whether or not (a) a source port number of each of the determination packets when transmitted by the determination packet transmitting unit is identical to the WAN-side port number obtained by the port number obtainment unit, or (b) a difference is constant between two successively obtained WAN-side port numbers among WAN-side port numbers sequentially obtained by the port number obtainment unit.
- the port number issuance rule can be accurately identified even in the case where it is uncertain about which of various port number issuance rules is adopted by the lower layer NAT device.
- the present invention can be implemented as a communication method that includes characteristic processes performed by a communication device according to any of the above described aspects.
- the present invention can be implemented as a program for causing a computer to execute each of the processes included in the communication method of the present invention and as a recording medium having the program recorded thereon.
- the program can be distributed via a transmission medium such as the Internet or a recording medium such as DVD.
- the present invention can be implemented as an integrated circuit that includes characteristic component units performed by a communication device according to any of the above described aspects.
- the address translation rule of the lower layer NAT device and the port number on the WAN side used by the lower layer NAT device can be obtained.
- port mapping can be performed with the use of the port mapping setting function of the IGD of UPnP such that the port for receiving a packet of the communication device is identical to the port on the WAN side used by the lower layer NAT device.
- the port mapping function such as the IGD of UPnP is not supported in the upper layer NAT device
- NAT traversal can be easily realized in a packet transmission with respect to a communication device located at a terminal of a network.
- the NAT traversal can be realized by only an addition of function expansion only to the communication device.
- FIG. 1 is a diagram for explaining an outline of a conventional NAT function.
- FIG. 2 is a diagram showing a conventional NAT port assignment criterion classification.
- FIG. 3 is a diagram showing a conventional NAT port number issuance rule classification.
- FIG. 4 is a diagram showing an outline of a network configuration predicted in the future.
- FIG. 5 is a diagram showing an example of an identification result for each of the NAT kinds according to a conventional scheme in a multilayer NAT environment.
- FIG. 6 is a diagram showing an example of a configuration of a communication system according to Embodiment 1 of the present invention.
- FIG. 7 is a block diagram showing an example of hardware configurations of an external server and terminal devices according to Embodiment 1 of the present invention.
- FIG. 8 is a functional block diagram showing an example of a configuration of a terminal device according to Embodiment 1.
- FIG. 9 is a flowchart showing a flow of basic processes performed by the terminal device according to Embodiment 1.
- FIG. 10 is a diagram showing an example of an IP address assigned to each of the devices in the communication system according to Embodiment 1.
- FIG. 11 is a diagram showing an example of a communication sequence for obtaining the WAN-side port number used by a lower layer NAT device according to Embodiments 1 and 2.
- FIG. 12 is a diagram showing an example of a communication sequence including NAT traversal according to Embodiment 1.
- FIG. 13 is a diagram showing an example of a communication as sequence including NAT traversal according to Embodiment 2.
- FIG. 14 is a diagram showing an example of a processing flow for identifying a port number issuance rule of the lower layer NAT device according to Embodiment 2.
- LSN identifications are not definite according to carriers and ISP policies and ideas, but a possibility is high that a NAT port assignment criterion will be a Cone type after considering connectivity and compatibility with the existing applications.
- the Cone type NAT solidly translates a port number with respect to an upstream packet, and therefore as the whole of the multilayer NAT environment, the Cone type NAT is equal to the NAT restriction of the lower layer NAT device.
- the multilayer NAT is also identified as a Cone type ((1) of FIG. 1 ).
- the multilayer NAT is identified as an Address Sensitive type ((2) of FIG. 5 ). If the upper layer is a Cone type and the lower layer is a Port Sensitive type, the multilayer NAT is identified as a Port Sensitive type ((3) of FIG. 5 ).
- upper layer NAT devices 302 , 312 , and 322 in FIG. 5 each correspond to the LSN
- lower layer NAT devices 303 , 313 , and 323 each correspond to a customer NAT device.
- the present invention can also be applied to a multilayer NAT environment having three or more layers, but the embodiments will show examples of the NAT device in a multilayer NAT environment having two layers.
- Embodiment 1 shows an example of communication accompanied by NAT traversal in the case where the customer NAT device which is the lower layer NAT device is a Cone type
- Embodiment 2 shows an example of communication accompanied by NAT traversal in the case where the customer NAT device which is the lower layer NAT device is an Address Sensitive type or a Port Sensitive type.
- Embodiment 1 shows an example of communication accompanied by NAT traversal in the case where the customer NAT device which is the lower layer NAT device is a Cone type.
- FIG. 6 is a diagram showing an example of a configuration of the communication system according to Embodiment 1.
- a communication system 400 according to Embodiment 1 shown in FIG. 6 includes an external server 401 , an upper layer NAT device a 403 and an upper layer NAT device b 406 each of which corresponds to the LSN set up on an ISP level, a lower layer NAT device a 404 and a lower layer NAT device b 407 each of which corresponds to a customer NAT device, and a terminal device a 405 and a terminal device b 408 .
- the external server 401 , the upper layer NAT device a 403 , and the upper layer NAT device b 406 are connected to an Internet 402 via a communication line.
- the present embodiment assumes that communication from the terminal device a 405 to the terminal device b 408 is started such that the terminal device a 405 and the terminal device b 408 perform P2P communication, and then the terminal device a 405 performs a NAT traversal sequence. Specifically, the terminal device a 405 starts communication to the terminal device b 408 via communication with the external server 401 .
- the external server 401 has a function of receiving, from the terminal device a 405 , NAT traversal information such as the WAN-side IP address of the upper layer NAT device a 403 and port information used for NAT traversal by the upper layer NAT device a 403 , and a function of notifying, of the NAT traversal information, the terminal device b 408 which is a communication partner of the terminal device a 405 .
- NAT traversal information such as the WAN-side IP address of the upper layer NAT device a 403 and port information used for NAT traversal by the upper layer NAT device a 403
- the terminal device b 408 which is a communication partner of the terminal device a 405 .
- the Internet 402 is a public communication network or a private communication network using a wired line comprising an optical line, a cable television network, a telephone line, or the like, or a wireless link. Data can be exchanged according to a predetermined communication protocol between terminal devices connected to the Internet 402 .
- the terminal device a 405 and the terminal device b 408 each have a function of communicating with an IP network with Transmission Control Protocol (TCP) or User Datagram Protocol (UDP), and perform data communication according to each purpose.
- TCP Transmission Control Protocol
- UDP User Datagram Protocol
- the terminal device a 405 is an example of a communication device according to the present invention.
- the terminal device a 405 has a function of obtaining, by transmitting a communication packet to each of the NAT devices, NAT information indicating connection environment of an IP address for each of the NAT devices and the like, a function of setting, on the lower layer NAT device a 404 , port mapping for determination with the IGD of UPnP and the like, a function of transmitting a determination packet using a source routing function to the lower layer NAT device a 404 via the upper layer NAT device a 403 , a function of receiving the determination packet, a function of setting, based on result information obtained from the determination packet, port mapping on the lower layer NAT device a 404 for the NAT traversal with the IGD of UPnP, and a function of notifying the external server 401 of the NAT traversal information.
- port mapping is generally called “port forwarding” or the like.
- the terminal device b 408 has a function of obtaining, by communicating with the external server 401 , NAT traversal information of the terminal device a 405 and a function of accessing the terminal device a 405 based on the obtained NAT traversal information.
- the upper layer NAT device a 403 , the upper layer NAT device b 406 , the lower layer NAT device a 404 , and the lower layer NAT device b 407 are routers having NAT functions, have packet routing functions, and constitute parts of a Local Area Network (LAN).
- LAN Local Area Network
- Each of the terminals connected to the LAN has a private IP address and communication between terminals within the same LAN can be performed with their respective private IP addresses.
- the external server 401 , the terminal device a 405 , and the terminal device b 408 can be implemented by an information processing device including a normal hardware configuration which can execute software.
- the external server 401 , the terminal device a 405 , and the terminal device b 408 each include a Central Processing Unit (CPU) 501 , a main storage device 502 , a communication control device 503 , an external storage device 504 , an input device 505 , and an output device 506 .
- CPU Central Processing Unit
- Each of the devices is mutually connected via a bus 507 and is configured such that necessary information can be transmitted between the devices.
- the hardware configurations shown in FIG. 7 are examples, and the hardware configurations of the external server 401 , the terminal device a 405 , and the terminal device b 408 are not necessarily configured as described above.
- FIG. 8 is an example of functional blocks of the terminal device a 405 .
- Each of the functional blocks for example, is realized by executing, by the CPU 501 , a program stored in the main storage device 502 or the external storage device 504 of the terminal device a 405 .
- a connection environment check unit 601 collects information of all the NAT devices with the NAT functions which exist between the terminal device a 405 and the external server 401 .
- the information obtained here is notified to a determination packet generation unit 603 .
- the information obtained here includes the WAN-side IP address, the LAN-side IP address, and information about the presence or absence of the port mapping setting function such as the IGD of UPnP, NAT-PMP, or the like of the NAT devices each of which exists between the terminal device a 405 and the external server 401 .
- information indicating the LAN-side IP address of the upper layer NAT device a 403 , information indicating the WAN-side IP address of the lower layer NAT device a 404 , the presence or absence information of the port mapping setting function of the upper layer NAT device a 403 , and the presence or absence information of the port mapping setting function of the lower layer NAT device a 404 , and the like are collected by the connection environment check unit 601 .
- connection environment check unit 601 the pieces of information collected by the above described connection environment check unit 601 are examples, and the pieces of information are not limited to these.
- a determination purpose port mapping command unit 602 as issues a port mapping command to the lower layer NAT device a 404 corresponding to the customer NAT device, by using a port number determined by a destination port determination unit 606 , with the IGD of UPnP or the like.
- the determination purpose port mapping command unit 602 issues a port mapping command to the lower layer NAT device a 404 such that a packet which arrives at a predetermined port number on the WAN side of the lower layer NAT device a 404 is transferred to the terminal device a 405 .
- the determination packet generation unit 603 generates a determination packet which is source-routed for being transmitted by a determination packet transmitting unit 608 and being received by a determination packet receiving unit 609 .
- the determination packet generation unit 603 includes: a relay destination determination unit 604 which determines, as a relay destination of a determination packet, the LAN-side IP address of the upper layer NAT device a 403 collected by the connection environment check unit 601 ; a final destination determination unit 605 which determines, as a final destination of the determination packet, the WAN-side IP address of the lower layer NAT device a 404 collected by the connection environment check unit 601 ; a destination port determination unit 606 which determines, as a destination port number of the determination packet, the same port number as the predetermined port number used for the port mapping command; and a source port determination unit 607 which determines any source port number.
- the determination packet transmitting unit 608 transmits, to a network, the determination packet which is generated by the determination packet generation unit 603 and which is source-routed.
- the determination packet receiving unit 609 receives a determination packet which is transmitted from the determination packet transmitting unit 608 , passes through the upper layer NAT device a 403 and the lower layer NAT device a 404 , and then is sent to the terminal device a 405 itself.
- a port number obtainment unit 615 obtains a WAN-side port number of the lower layer NAT device a 404 which is a source port number indicated in a determination packet received by the determination packet receiving unit 609 .
- the WAN-side port number obtained by the port number obtainment unit 615 is notified, as a determination result, to a port number issuance rule identification unit 610 .
- the port number issuance rule identification unit 610 identifies a port number issuance rule which is a rule for determining a WAN-side port number used for communication in the lower layer NAT device a 404 .
- the determination packet receiving unit 609 receives a plurality of determination packets transmitted by the determination packet transmitting unit 608 , and the port number obtainment unit 615 obtains a WAN-side port number of the lower layer NAT device a 404 which is indicated in each of the plurality of the determination packets.
- the port number issuance rule identification unit 610 identifies the port number issuance rule of the lower layer NAT device a 404 based on a plurality of the WAN-side port numbers sequentially obtained from the port number obtainment unit 615 .
- a scheme of identifying a port number issuance rule of the NAT device by the port number issuance rule identification unit 610 will be described with reference to FIG. 14 .
- the port number issuance rule identification unit 610 notifies a NAT traversal purpose port determination unit 613 of the identified result, and the NAT traversal purpose port determination unit 613 uses the port number indicated by the result for a NAT traversal process.
- the NAT traversal purpose port determination unit 613 determines, from a result obtained from the port number issuance rule identification unit 610 , a port number used for a port mapping command by the NAT traversal purpose port mapping command unit 611 and a source port number of a notification request packet used by a NAT traversal information notification unit 612 .
- the port number issuance rule identification unit 610 does not identify the port number issuance rule and a source port number of a determination packet received by the determination packet receiving unit 609 is determined as a port number used for a port mapping command.
- the NAT traversal purpose port mapping command unit 611 issues, by using a port number which is determined by the NAT traversal purpose port determination unit 613 and which a port mapping should be performed for NAT traversal, a port mapping command to the lower layer NAT device a 404 with the use of the IGD of UPnP or the like.
- the NAT traversal information notification unit 612 by using the source port number determined by the NAT traversal purpose port determination unit 613 , transmits a notification request packet to the external server 401 and then causes the external server 401 to notify the NAT traversal information to another terminal device communicating with the external server 401 .
- the NAT traversal information includes the WAN-side IP address and the WAN-side port number of the upper layer NAT device a 403 which are indicated in the notification request packet received by the external server 401 .
- the NAT traversal information includes information indicating a destination of a packet necessary for the other terminal device to communicate with the terminal device a 405 through performing NAT traversal.
- the terminal device a 405 is not required to include functional blocks indicated by dotted-line rectangular boxes in FIG. 8 such as the dotted-line rectangular box of the port number issuance rule identification unit 610 .
- the WAN-side port number of the lower layer NAT device a 404 obtained by the port number obtainment unit 615 of the terminal device a 405 may be transmitted to another device and then the other device may be made to identify the port number issuance rule and to perform such a process as a determination of the NAT traversal purpose port number.
- Part or all of the functional configurations shown in FIG. 8 can be implemented as an integrated circuit.
- the terminal device a 405 can be implemented by the integrated circuit.
- the external server 401 is a communication device which obtains the NAT traversal information from the notification request packet received from the terminal device a 405 and notifies another terminal of the NAT traversal information.
- the external server 401 can be implemented by an authentication server, a session management server, or the like, used for a conventional NAT traversal scheme, and therefore a functional block diagram is omitted.
- the terminal device b 408 has a function of receiving a communication request from the terminal device a 405 via the external server 401 , receiving the NAT traversal information for communication with the terminal device a 405 from the external server 401 , and accessing the terminal device a 405 based on the information.
- the terminal device b 408 is a communication device or a communication means which has a conventional STUN function or a function similar to the conventional STUN function. Therefore, a functional block diagram of the terminal device b 408 is omitted.
- FIG. 9 is a flowchart showing a flow of basic processes performed by the terminal device a 405 according to Embodiment 1 of the present invention.
- the connection environment check unit 601 collects NAT information (S 10 ). Specifically, information indicating the LAN-side IP address of the upper layer NAT device a 403 , information indicating the WAN-side IP address of the lower layer NAT device a 404 , the presence or absence information of the port mapping setting function of the upper layer NAT device a 403 , the presence or absence information of the port mapping setting function of the lower layer NAT device a 404 , and the like are collected.
- NAT information S 10 Specifically, information indicating the LAN-side IP address of the upper layer NAT device a 403 , information indicating the WAN-side IP address of the lower layer NAT device a 404 , the presence or absence information of the port mapping setting function of the upper layer NAT device a 403 , the presence or absence information of the port mapping setting function of the lower layer NAT device a 404 , and the like are collected.
- the determination purpose port mapping command unit 602 issues, with respect to the lower layer NAT device a 404 , a port mapping command with the use of a predetermined port number (S 11 ).
- the determination packet generation unit 603 generates the determination packet which is source-routed (S 20 ). Specifically, the following processes are performed.
- the relay destination determination unit 604 determines, as the relay destination of the determination packet, the LAN-side IP address of the upper layer NAT device a 403 collected by the connection environment check unit 601 (S 21 ).
- the final destination determination unit 605 determines, as the final destination of the determination packet, the WAN-side IP address of the lower layer NAT device a 404 collected by the connection environment check unit 601 (S 22 ).
- the destination port determination unit 606 determines, as the destination port number of the determination packet, the same port number as the predetermined port number used for the port mapping command by the determination purpose port mapping command unit 602 (S 23 ).
- the same port number may be determined by one of the destination port determination unit 606 and the determination purpose port mapping command unit 602 .
- the determination packet transmitting unit 608 transmits the determination packet which is generated by the determination packet generation unit 603 (S 30 ).
- the determination packet receiving unit 609 receives the determination packet which is transmitted from the determination packet transmitting unit 608 , passes through the upper layer NAT device a 403 and the lower layer NAT device a 404 , and then arrives at the terminal device a 405 (S 31 ).
- the port number obtainment unit 615 obtains the WAN-side port number of the lower layer NAT device a 404 which is a source port number indicated in the determination packet received by the determination packet receiving unit 609 (S 32 ).
- FIGS. 11 and 12 are flowchart diagrams.
- FIG. 10 is a diagram showing an example of an IP address assigned to each of the devices in the communication system 400 according to Embodiment 1.
- IP addresses are assigned to each of the devices.
- the lower layer NAT device a 404 “192.168.11.1” is assigned as the LAN-side IP address and “192.168.10.2” is assigned as the WAN-side IP address.
- the upper layer NAT device a 403 “192.168.10.1” is assigned as the LAN-side IP address and “10.0.0.2” is assigned as the WAN-side IP address.
- connection environment check unit 601 of the terminal device a 405 obtains NAT information about all the NAT devices existing between the terminal device a 405 and the external server 401 (S 801 ).
- the NAT information obtained by the connection environment check unit 601 is information indicating the WAN-side IP address, information indicating the LAN-side IP address, and information indicating the presence or absence of a port mapping setting function such as the IGD of UPnP or NAT-PMP for each of the NAT devices ( 403 and 404 in the present embodiment).
- the connection environment check unit 601 may obtain other pieces of information.
- the WAN-side IP address and the LAN-side IP address of the NAT device can be obtained by using an Internet Control Message Packet (ICMP) packet such as traceroute, GetExternalIPAddress of UPnP, or the like.
- ICMP Internet Control Message Packet
- the presence or absence of the port mapping setting function such as the IGD of UPnP, NAT-PMP, or the like can be determined by using the function of the IGD of UPnP or the like.
- S 801 may be performed when the terminal device a 405 is connected to a network or a power source is started, which means that any time is acceptable as long as S 801 can be performed before S 802 is performed.
- the determination purpose port mapping command unit 602 of the terminal device a 405 issues, to the lower layer NAT device a 404 , a port mapping command using the predetermined port number determined by the destination port determination unit 606 in the terminal device a 405 by using the port mapping setting function such as the IGD of UPnP or the like (S 802 ).
- the predetermined port number determined by the destination port determination unit 606 of the terminal device a 405 is described as a number d later.
- the lower layer NAT device a 404 On the receiving of the determination purpose port mapping command from the terminal device a 405 , the lower layer NAT device a 404 performs, by using the IGD of UPnP or the like, a port mapping setting with respect to the number d port which is the designated port. With this, hereafter, in the case where a packet comes from the WAN side to a number d port of “192.168.10.2” which is the WAN-side IP address of the lower layer NAT device a 404 , the lower layer NAT device a 404 transfers the packet to the terminal device a 405 by rewriting the destination of the packet into the number d port of “192.168.11.2” which is the IP address of the terminal device a 405 (S 803 and S 804 ).
- the destination port number may be designated to be transferred to a port other than the number d.
- the determination packet generation unit 603 of the terminal device a 405 generates a determination packet based on the NAT information obtained in S 801 (S 805 ).
- the determination packet is source-routed, and therefore not only the destination IP address and the source IP address in the normal IP packet but also the final destination IP address are included in the determination packet.
- the IP address designated by the destination IP address unit in the normal IP header unit is treated as a relay destination IP address. Therefore, hereafter, the IP address designated by the destination IP address unit in the IP header unit in the generation of the determination packet is expressed as the relay destination IP address.
- the relay destination determination unit 604 of the terminal device a 405 designates, as the relay destination IP address, “192.168.10.1” which is the LAN-side IP address of the upper layer NAT device a 403 .
- the final destination determination unit 605 designates, as the final destination IP address, “192.168.10.2” which is the WAN-side IP address of the lower layer NAT device a 404 .
- the present invention makes it possible to perform a function similar to the source routing not by designating the final destination IP address in the option unit of the IP header but by designating the final destination IP in address in other than the IP header such as a data unit of a communication packet.
- the destination port determination unit 606 of the terminal device a 405 designates the destination port number of the determination packet.
- the number d is designated.
- the source port determination unit 607 of the terminal device a 405 designates any port number as the source port number of the determination packet. The present embodiment assumes that the number s port is used as the source number port number.
- the determination packet transmitting unit 608 of the terminal device a 405 transmits the determination packet which is generated in S 805 .
- the transmitted determination packet passes through the lower layer NAT device a 404 and is received by the upper layer NAT device a 403 designated by the relay destination IP address (S 806 , S 807 , and S 808 ).
- the lower layer NAT device a 404 performs address translations of the source IP address and the source port number of the determination packet.
- the source IP address is translated from “192.168.11.2” to “192.168.10.2” which is the WAN-side IP address of the lower layer NAT device a 404 .
- the source port number is translated from the number s to the number s′.
- the upper layer NAT device a 403 translates from the relay destination IP address of the destination IP address unit in the IP header unit of the determination packet received in S 808 to the final destination IP address written in the determination packet (S 809 ).
- the upper layer NAT device a 403 transmits the determination packet whose destination is changed in S 809 to the number d port of the lower layer NAT device a 404 in which port mapping is performed in S 804 (S 810 ).
- a process may be performed for stopping the port mapping function which is set for the lower layer NAT device a 404 with the IGD of UPnP or the like.
- the port number obtainment unit 615 of the terminal device a 405 obtains “s′” which is the WAN-side port number of the lower layer NAT device a 404 which is the source port number of the determination packet received by the determination packet receiving unit 609 .
- the present embodiment assumes that a port assignment criterion of the lower layer NAT device a 404 is a Cone type, and in this case, the identification of the port number issuance rule is not required for the determination of the port for the NAT traversal necessary in S 901 in FIG. 12 .
- the process is shifted from the determination packet receiving unit 609 to the NAT traversal purpose port determination unit 613 .
- the NAT traversal purpose port determination unit 613 of the terminal device a 405 determines the NAT traversal purpose port number used for issuing, in, S 902 , a port mapping command with the IGD of UPnP or the like to the lower layer NAT device a 404 and the source port number of the notification request packet of the NAT traversal information used in S 905 (S 901 ).
- the port assignment criterion of the lower layer NAT device a 404 according to the present embodiment is a Cone type. Therefore, the port number determined for the NAT traversal and the source port number of the notification request packet of the NAT traversal information are the number s′ port which is the source port number of the determination packet received in S 812 and the source port number s used in S 806 , respectively.
- the NAT traversal purpose port mapping command as unit 611 of the terminal device a 405 transmits the port mapping command of the number s′ port to the lower layer NAT device a 404 with the use of the IGD of UPnP or the like (S 902 ).
- the lower layer NAT device a 404 receives the NAT purpose port mapping command transmitted in S 902 (S 903 ) and performs a port mapping setting with respect to the designated number s′ port (S 904 ).
- S 903 the number s′ port of “192.168.10.2” which is the WAN-side IP address of the lower layer NAT device a 404
- the lower layer NAT device a 404 transfers the packet to the terminal device a 405 by rewriting the packet destination into the number s port of “192.168.11.2” which is the IP address of the terminal device a 405 .
- the NAT traversal information notification unit 612 of the terminal device a 405 transmits, by designating the source IP address as “192.168.11.2” and the source port as the number s port, a notification request packet to the external server 401 .
- the NAT traversal information is transmitted to the external server 401 (S 905 ).
- address translation is performed in the lower layer NAT device a 404 , but the lower layer NAT device a 404 is a Cone type and the source port number of the notification request packet from the terminal device a 405 is “s”, which is the same as the source port number when the determination packet is transmitted (S 806 ).
- the source IP address and the source port are translated into “192.168.10.2” and the number s′ port which is a translation result in S 807 , respectively (S 906 ).
- the notification request packet to be transmitted from the terminal device a 405 in S 905 may be sent by the inclusion of an identifier, identification, or the like of the terminal device b 408 which is a communication partner of the terminal device a 405 .
- the terminal device a 405 can notify the external server 401 of the identifier or the like of the communication partner.
- the external server 401 which has completed the process of S 908 notifies, of the NAT traversal information obtained in S 908 , the terminal device b 408 which is a communication partner of the terminal device a 405 (S 909 and S 910 ).
- the information notified at this time includes “10.0.0.2” which is the WAN-side IP address of the upper layer NAT device a 403 and the port number “s′′”, but may include pieces of information other than these.
- the terminal device b 408 traverses NAT and accesses the terminal device a 405 with the use of the NAT traversal information received from the external server 401 in S 910 (S 911 ).
- the destination IP address and the destination port number of the communication packet at this time are “10.0.0.2” which is the WAN-side IP address of the upper layer NAT device a 403 which is indicated in the NAT traversal information obtained in S 910 and the port number “s′′” after the address translation performed by the upper layer NAT device a 403 in communication between the terminal device a 405 and the external server 401 , respectively.
- the upper layer NAT device a 403 rewrites the destination IP address and the destination port number of the communication packet into “192.168.10.2” and “s′”, respectively, and transfers the rewritten packet to the lower layer NAT device a 404 (S 912 ).
- the lower layer NAT device a 404 receives the communication packet at the number s′ port which is a port in which port mapping settings are performed in S 903 and S 904 . Therefore, the lower layer NAT device a 404 rewrites the destination IP address and the destination port number of the communication packet into “192.168.11.2” of the IP address of the terminal device a 405 and “s” and transfers the rewritten packet to the terminal device a 405 (S 913 ).
- the terminal device a 405 receives the communication packet which has performed NAT traversal from the terminal device b 408 (S 914 ).
- the terminal device a 405 replies to the communication packet received in S 914 .
- the NAT traversal from the terminal device a 405 to the terminal device b 408 is performed and thus P2P communication is established (S 915 and S 916 ).
- the communication packet from the terminal device a 405 to the terminal device b 408 as a reply of the communication packet from the above described terminal device b 408 to the terminal device a 405 , is transmitted to the upper layer NAT device b 406 and the lower layer NAT device b 407 with the use of the same path (port number). Therefore, filtering is not performed for the communication packet of the reply by the two NAT devices. In other words, the NAT traversal is performed in communication from the terminal device a 405 to the terminal device b 408 , and thus the communication from the terminal device a 405 to the terminal device b 408 can be realized.
- Embodiment 2 shows an example of communication accompanied by NAT traversal in the case where the customer NAT device which is the lower layer NAT device is an Address Sensitive type or a Port Sensitive type.
- a configuration of a communication system, and a hardware configuration for each of the devices and a functional block configuration according to Embodiment 2 are the same as those in FIGS. 6 , 7 and 8 of Embodiment 1, and therefore their descriptions are omitted here.
- connection environment check unit 601 of the terminal device a 405 obtains the NAT information about all the NAT devices existing between the terminal device a 405 and the external server 401 (S 801 ).
- the NAT information obtained by the connection environment check unit 601 is information indicating the WAN-side IP addresses, the LAN-side IP addresses, and the presence or absence of a port mapping setting function such as the IGD of UPnP, NAT-PMP, or the like of the NAT devices ( 403 and 404 in the present embodiment).
- the connection environment check unit 601 may obtain other pieces of information.
- the WAN-side IP address and the LAN-side IP address of the NAT device can be obtained by using an ICMP packet such as traceroute, or GetExternalIPAddress of UPnP or the like.
- the presence or absence of the port mapping setting function such as the IGD of UPnP or NAT-PMP can be determined by using the function of the IGD of UPnP or the like.
- S 802 to S 812 in FIG. 11 are performed as similarly to Embodiment 1. In the present embodiment, however, it is necessary to identify the port number issuance rule of the lower layer NAT device a 404 . Therefore, specifically, a series of processes of S 802 to S 812 in FIG. 11 needs to be performed at least three times.
- the series of processes of S 802 to S 812 in FIG. 11 are performed three times.
- an item which needs to be varied every time is a source port number which is set in the generation of a determination packet of S 805 .
- a port which is used in an n-th S 802 to S 812 as a source port number of a determination packet by the terminal device a 405 is represented as the number s(n) port
- a port which is a result of translation of the number s(n) port by the lower layer NAT device a 404 in S 807 is represented as the number s′(n) port.
- the determination packet used in the first S 802 to S 812 when transmitted from the terminal device a 405 , uses the number s(1) port as the source port, and in the lower layer NAT device a 404 , address translation is performed from the number s(1) port to the number s′(1) port.
- the port number issuance rule identification unit 610 of the terminal device a 405 performs the identification of the port number issuance rule of the lower layer NAT device a 404 , for example, according to a process flow as shown in FIG. 14 (S 1001 in FIG. 13 ) by using s(1), s(2), and s(3) each of which is used as the source port number of the determination packet used every time and s′(1), s′(2), and s′(3) each of which is a port number obtained as a translation result.
- the port number issuance rule is identified as [1] the Port Reuse type.
- the port number issuance rule identification unit 610 identifies that the port number issuance rule is [2] a Sequential type and identifies that the port number issuance rule is [3] a Random type in the case of being not constant.
- the terminal device a 405 may not notify the external server 401 , for example, that NAT traversal is impossible. Moreover, the external server 401 may notify the terminal device b 408 of the notification content.
- the NAT devices of [1] the Port Reuse type and [2] the Sequential type each determine a port number in which a port mapping setting is performed according to the port number issuance rule. Therefore, in the case where the determined port number is already used for another communication, a port number violating the original port number issuance rule is sometimes assigned. Consequently, depending on a situation, a wrong port number issuance rule is identified for each of the NAT devices which are originally [1] the Port Reuse type and [2] the Sequential type, but description of how to deal with this case is omitted because it is not the significance of the present invention.
- S 1002 to S 1017 shown in FIG. 13 are almost the same as S 901 to S 916 according to Embodiment 1, but there are differences in the used source port number, the address translation in the lower layer NAT device a 404 , and the like. Therefore, a specific example 1 of Embodiment 2 is set for the case where the lower layer NAT device a 404 is [1] the Port Reuse type, and a specific example 2 of Embodiment 2 is set for the case where the lower layer NAT device a 404 is [2] the Sequential type, and descriptions of S 1002 to S 1017 will be shown below.
- the NAT traversal purpose port determination unit 613 determines a port number in which a port mapping setting for the NAT traversal is performed for the lower layer NAT device a 404 (S 1002 ).
- the port number which is the target of the port mapping when the lower layer NAT device a 404 is the Port Reuse type is a port number which is assigned to the lower layer NAT device a 404 after the address translation and is the same port number as the source port number used by the terminal device a 405 when the NAT traversal information is transmitted in S 1006 .
- the source port number used by the terminal device a 405 when transmitting the NAT traversal information in S 1006 may be any number. But the port numbers s(1), s(2), and s(3) used in S 802 to S 812 should be avoided because they are the numbers used immediately before and therefore there is a possibility that the lower layer NAT device a 404 will issue a port number in violation of the Port Reuse rule that is an original port number issuance rule.
- the port number which is used by the terminal device a 405 as the source port number of the notification request packet when transmitting the NAT traversal information in S 1006 is represented as “s_pr”.
- the port number in which a port mapping setting is performed for NAT traversal is also “s_pr”.
- a port mapping command is issued from the NAT traversal purpose port mapping command unit 611 of the terminal device a 405 to the lower layer NAT device a 404 with the IGD of UPnP or the like.
- the lower layer NAT device a 404 performs a port mapping setting for the number s_pr port according to the command (S 1003 , S 1004 , and S 1005 ).
- the lower layer NAT device a 404 transfers the packet to the terminal device a 405 by translating the packet destination into the number s_pr port of “192.168.11.2” which is the IP address of the terminal device a 405 . It should be noted that in the packet transfer to the terminal device a 405 , a port other than the number s_pr may be designated as the destination port.
- the NAT traversal information is notified from the NAT traversal information notification unit 612 of the terminal device a 405 to the external server 401 (S 1006 ). Specifically, the following as processes are performed.
- the NAT traversal information notification unit 612 transmits, to the external server 401 , the notification request packet in which the source IP address and the source port number are determined as “192.168.11.2” and “s_pr,” respectively.
- the destination IP address of the notification request packet is “10.0.0.1” and the destination port number is any port number designated by the external server 401 .
- the source IP address and the source port number of the notification request packet after the address translation in the lower layer NAT device a 404 are “192.168.10.2” and “s_pr”, respectively (S 1007 ). Furthermore, address translation is performed also in the upper layer NAT device a 403 (S 1008 ). The source IP address after the translation is “10.0.0.2”. Moreover, the source port after the translation at this time is designated as the number s′′_pr port.
- the source IP address and the source port number of the communication request packet which arrives at the external server 401 are “10.0.0.2” and “s′′_pr”, respectively, which are obtained by the address translation by the upper layer NAT device a 403 . These pieces of information are stored as the NAT traversal information in the external server 401 (S 1009 ).
- the notification request packet to be transmitted from the terminal device a 405 may be sent by the inclusion of an identifier, identification, or the like of the terminal device b 408 which is a communication partner of the terminal device a 405 .
- the external server 401 which has completed the process of S 1009 notifies, of the NAT traversal information, the terminal device b 408 which is a communication partner of the terminal device a 405 (S 1010 and S 1011 ).
- the information notified at this time includes “10.0.0.2” which is the WAN-side IP address of the upper layer NAT device a 403 and the port number “s′′_pr” after the address translation by the upper layer NAT device a 403 , but may include pieces of information other than these.
- the terminal device b 408 traverses NAT and accesses the terminal device a 405 with the use of the NAT traversal information notified from the external server 401 (S 1012 ).
- the destination IP address and the destination port number of the communication packet at this time are “10.0.0.2” which is the WAN-side IP address of the upper layer NAT device a 403 and “s′′_pr” which is a port number after the address translation performed by the upper layer NAT device a 403 in communication between the terminal device a 405 and the external server 401 .
- the upper layer NAT device a 403 rewrites the destination IP address and the destination port number into “192.168.10.2” and “s_pr”, respectively, and then transfers the packet to the lower layer NAT device a 404 (S 1013 ).
- the lower layer NAT device a 404 receives the communication packet which designates, as the destination, the WAN-side IP address itself and the number s_pr port in which a port mapping setting is provided in S 1004 and S 1005 . Therefore, the lower layer NAT device a 404 rewrites the destination IP address and the destination port number of the communication packet into “192.168.11.2” of the IP address of the terminal device a 405 and “s_pr”, respectively, and then transfers the packet to the terminal device a 405 (S 1014 ).
- the terminal device a 405 receives the communication packet which has performed NAT traversal from the terminal device b 408 (S 1015 ).
- the terminal device a 405 replies to the communication packet received in S 1015 .
- the NAT traversal from the terminal device a 405 to the terminal device b 408 is performed and P2P communication is established (S 1016 and S 1017 ).
- the NAT traversal is realized in the case where the port assignment classification of the lower layer NAT device a 404 is the Address Sensitive type or the Port Sensitive type and the port number issuance rule is the Port Reuse type.
- the communication packet from the terminal device b 408 to the terminal device a 405 arrives at a port which is set as a NAT traversal purpose port provided at the lower layer NAT device a 404 .
- the communication packet passes through the lower layer NAT device a 404 and arrives at the terminal device a 405 .
- the NAT traversal is performed in the communication from the terminal device b 408 to the terminal device a 405 .
- the predicted port number is set as a NAT traversal purpose port. Therefore, the communication packet from the terminal device a 405 to the terminal device b 408 is transmitted to the upper layer NAT device b 406 and the lower layer NAT device b 407 with the use of the same path (port number) as the communication packet from the terminal device b 408 to the terminal device a 405 . Consequently, filtering is not performed for the communication packet by the two NAT devices. In other words, the NAT traversal is performed in the communication from the terminal device a 405 to the terminal device b 408 , and thus the communication from the terminal device a 405 to the terminal device b 408 can be realized.
- the NAT traversal purpose port determination unit 613 determines a port number in which a port mapping is set for the NAT traversal of the lower layer NAT device a 404 (S 1002 ).
- a port number in which a port mapping setting should be performed when the lower layer NAT device a 404 is the Sequential type is a port number to be assigned in the next address translation in the lower layer NAT device a 404 and is calculated as below. For example, in the case where the source port number of the determination packet is “s′(3)” which is finally obtained after the execution of S 802 to S 812 more than once, the port number in which a port mapping setting should be performed is “s′(3)+(s′(3) ⁇ s′(2))”.
- the NAT traversal purpose port mapping command unit 611 of the terminal device a 405 by using the NAT traversal purpose port number “s′_se” which is determined in S 1002 , performs a port mapping setting for the lower layer NAT device a 404 with the IGD of UPnP or the like (S 1003 , S 1004 , and S 1005 ).
- the lower layer NAT device a 404 translates the packet destination into the number s_se port of “192.168.11.2” which is the IP address of the terminal device a 405 and then transfers the packet to the terminal device a 405 .
- a port other than the number s_se may be designated as the destination port.
- the NAT traversal information is notified from the NAT traversal information notification unit 612 of the terminal device a 405 to the external server 401 (S 1006 ). Specifically, the following processes are performed.
- the NAT traversal information notification unit 612 transmits, to the external server 401 , the notification request packet in which the source IP address and the source number are determined as “192.168.11.2” and “s_se”, respectively.
- the destination IP address of the notification request packet is “10.0.0.1” and the destination port number is any port number designated by the external server 401 .
- the source IP address and the source port number of the notification request packet after the address translation in the lower layer NAT device a 404 are “192.168.10.2” and “s′_se” respectively (S 1007 ). Furthermore, address translation is performed also in the upper layer NAT device a 403 (S 1008 ).
- the source IP address and the source port after the translation at this time is “10.0.0.2” Moreover, the source port after the translation is designated as the number s′′_se port.
- the source IP address and the source port number of the communication request packet which arrives at the external server 401 are “10.0.0.2” and “s′′_se”, respectively, which are obtained by the address translation by the upper layer NAT device a 403 . These pieces of information are stored as the NAT traversal information in the external server 401 (S 1009 ).
- the notification request packet to be transmitted from the terminal device a 405 may be sent by the inclusion of an identifier, identification, or the like of the terminal device b 408 which is a communication partner of the terminal device a 405 .
- the external server 401 which has completed the process of S 1009 notifies, of the NAT traversal information, the terminal device b 408 which is a communication partner of the terminal device a 405 (S 1010 and S 1011 ).
- the information notified at this time includes “10.0.0.2” which is the WAN-side IP address of the upper layer NAT device a 403 and the port number “s′′_se” after the address translation performed by the upper layer NAT device a 403 , but may include pieces of information other than these.
- the terminal device b 408 traverses NAT and accesses the terminal device a 405 with the use of the NAT traversal information notified from the external server 401 in S 1011 (S 1012 ).
- the destination IP address and the destination port number of the communication packet at this time are “10.0.0.2” which is the WAN-side IP address of the upper layer NAT device a 403 which is indicated in the NAT traversal information obtained in S 1011 and the port number “s′′_se” after the address translation performed by the upper layer NAT device a 403 in communication between the terminal device a 405 and the external server 401 .
- the upper layer NAT device a 403 rewrites the destination IP address and the destination port number into “192.168.10.2” and “s′_se”, respectively, and then transfers the packet to the lower layer NAT device a 404 (S 1013 ).
- the lower layer NAT device a 404 receives the communication packet which designates, as the destination, the WAN-side IP address itself and the number s′_se port for which port mappings are set in S 1004 and S 1005 . Therefore, the lower layer NAT device a 404 rewrites the destination IP address and the destination port number of the communication packet into “192.168.11.2” of the IP address of the terminal device a 405 and “s_se”, respectively, and transfers the packet to the terminal device a 405 (S 1014 )
- the terminal device a 405 receives the communication packet which has performed NAT traversal from the terminal device b 408 (S 1015 ).
- the terminal device a 405 replies to the communication packet received in S 1015 .
- the NAT traversal from the terminal device a 405 to the terminal device b 408 is performed and P2P communication is established (S 1016 and S 1017 ).
- the NAT traversal is realized in the case where the port assignment classification of the lower layer NAT device a 404 is the Address Sensitive type or the Port Sensitive type and the port number issuance rule is the Sequential type.
- the communication packet from the terminal device b 408 to the terminal device a 405 arrives at a port which is set as a NAT traversal purpose port provided at the lower layer NAT device a 404 .
- the communication packet passes through the lower layer NAT device a 404 and arrives at the terminal device a 405 .
- the NAT traversal is performed in the communication from the terminal device b 408 to the terminal device a 405 .
- the predicted port number is set as a NAT traversal purpose port. Therefore, the communication packet from the terminal device a 405 to the terminal device b 408 is transmitted to the upper layer NAT device b 406 and the lower layer NAT device b 407 with the use of the same path (port number) as the communication packet from the terminal device b 408 to the terminal device a 405 . Consequently, filtering is not performed for the communication packet by the two NAT devices. In other words, the NAT traversal is performed in the communication from the terminal device a 405 to the terminal device b 408 , and thus the communication from the terminal device a 405 to the terminal device b 408 can be realized.
- the communication device can easily establish P2P communication with other communication devices even in a multilayer NAT environment which includes a NAT device without a port mapping setting function such as the IGD of UPnP.
- a multilayer NAT environment which includes a NAT device without a port mapping setting function such as the IGD of UPnP.
- the lower layer NAT device supports a port mapping setting function such as the IGD of UPnP
- the port number issuance rule of the lower layer NAT device can be identified without the use of a device other than the external server.
- NAT traversal is possible even in the case where STUN-related NAT traversal scheme cannot be applied when P2P communication is performed in the above described multilayer NAT environment. Therefore, the present invention is effective as a technique for enhancing connectivity at a time of P2P communication.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
- [PTL 1]
- [NPL 1]
- Universal Plug and Play Internet Gateway Device (IGD) V 1.0, http://upnp.org/specs/gw/UPnP-gw-InternetGatewayDevice-v1-Device.pdf
- [NPL 2]
- J. Rosenberg, et al. “RFC3489, STUN—Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)”, [online], March 2003, retrieved from the Internet: <URL: http://www.ietf.org/rfc/rfc3489.txt>
-
- 101, 104 Communication device
- 102, 205, 208 NAT device
- 103, 402 Internet
- 105 Address translation table
- 201 STUN server
- 202, 207 ISP NAT device
- 206, 209 Terminal device
- 302, 312, 322 Upper layer NAT device
- 303, 313, 323 Lower layer NAT device
- 400 Communication system
- 401 External server
- 403 Upper layer NAT device a
- 404 Lower layer NAT device a
- 405 Terminal device a
- 406 Upper layer NAT device b
- 407 Lower layer NAT device b
- 408 Terminal device b
- 501 CPU
- 502 Main storage device
- 503 Communication control device
- 504 External storage device
- 505 Input device
- 506 Output device
- 507 Bus
- 601 Connection environment check unit
- 602 Determination purpose port mapping command unit
- 603 Determination packet generation unit
- 604 Relay destination determination unit
- 605 Final destination determination unit
- 606 Destination port determination unit
- 607 Source port determination unit
- 608 Determination packet transmitting unit
- 609 Determination packet receiving unit
- 610 Port number issuance rule identification unit
- 611 NAT traversal purpose port mapping command unit
- 612 NAT traversal information notification unit
- 613 NAT traversal purpose port determination unit
- 615 Port number obtainment unit
Claims (8)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2010-228012 | 2010-10-07 | ||
JP2010228012 | 2010-10-07 | ||
PCT/JP2011/005172 WO2012046390A1 (en) | 2010-10-07 | 2011-09-14 | Communication apparatus, communication method, integrated circuit, and program |
Publications (2)
Publication Number | Publication Date |
---|---|
US20120236854A1 US20120236854A1 (en) | 2012-09-20 |
US8761170B2 true US8761170B2 (en) | 2014-06-24 |
Family
ID=45927399
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/512,902 Active 2032-01-25 US8761170B2 (en) | 2010-10-07 | 2011-09-14 | Communication device, communication method, integrated circuit, and program |
Country Status (4)
Country | Link |
---|---|
US (1) | US8761170B2 (en) |
JP (1) | JP5771600B2 (en) |
CN (1) | CN102652413B (en) |
WO (1) | WO2012046390A1 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5833880B2 (en) * | 2011-10-07 | 2015-12-16 | キヤノンイメージングシステムズ株式会社 | Information processing apparatus, device control apparatus, device control system, and control method thereof |
EP3086517A4 (en) * | 2013-12-16 | 2017-12-27 | Yamaha Corporation | Communication system, terminal apparatus, and server |
CN104052670B (en) * | 2014-07-04 | 2017-12-22 | 华为技术有限公司 | A kind of communication means and system |
US10129206B2 (en) * | 2015-06-05 | 2018-11-13 | Cisco Technology, Inc. | Addressing and managing an internal network of a virtual branch node |
TWI558149B (en) * | 2015-06-23 | 2016-11-11 | 晶睿通訊股份有限公司 | Network transmission method and network transmission system for a multi-layer network address translator structure |
TWI568219B (en) * | 2015-07-16 | 2017-01-21 | 金智洋科技股份有限公司 | Gateway for automatically assigning port number to network device, and method, computer program and computer readable medium thereof |
US20190089675A1 (en) * | 2016-03-16 | 2019-03-21 | Nec Corporation | Network address translation device, setting requesting device, communication system, communication method and storage medium storing program |
JP6822248B2 (en) * | 2017-03-21 | 2021-01-27 | 富士通株式会社 | Information processing system, information processing method and mobile terminal |
CN114640648A (en) * | 2020-12-16 | 2022-06-17 | 华为技术有限公司 | Method, system and related equipment for ACS to pass through NAT equipment |
Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040088537A1 (en) * | 2002-10-31 | 2004-05-06 | Microsoft Corporation | Method and apparatus for traversing a translation device with a security protocol |
US20040128554A1 (en) * | 2002-09-09 | 2004-07-01 | Netrake Corporation | Apparatus and method for allowing peer-to-peer network traffic across enterprise firewalls |
US20060209822A1 (en) | 2005-03-18 | 2006-09-21 | Moe Hamamoto | Communication apparatus, communication system and communication method |
JP2006295909A (en) | 2005-03-18 | 2006-10-26 | Matsushita Electric Ind Co Ltd | Communication apparatus and system, and communication method |
US20070058644A1 (en) * | 2005-08-04 | 2007-03-15 | Cisco Technology, Inc. | Service for NAT traversal using IPSEC |
US20070192434A1 (en) * | 2006-02-13 | 2007-08-16 | Fujitsu Limited | Network system, terminal, and gateway |
US20070189490A1 (en) * | 2006-02-01 | 2007-08-16 | Jung-Sic Sung | Data redirection system and method using Internet protocol private branch exchange |
US7346926B2 (en) * | 2002-01-22 | 2008-03-18 | Netseal Mobility Technologies Nmt Oy | Method for sending messages over secure mobile communication links |
JP2008236278A (en) | 2007-03-20 | 2008-10-02 | Hitachi Ltd | Communication connection method and communication apparatus |
US20080259943A1 (en) * | 2007-04-20 | 2008-10-23 | Matsushita Electric Industrial Co., Ltd. | Ip communication apparatus and nat type determination method by the same |
US20100008260A1 (en) * | 2006-12-04 | 2010-01-14 | Sun Cheul Kim | Method for configuring control tunnel and direct tunnel in ipv4 network-based ipv6 service providing system |
US20120011189A1 (en) * | 2010-04-07 | 2012-01-12 | Jeremy Matthew Werner | Apparatus and Method For Matching Users For Online Sessions |
US20120072548A1 (en) * | 2010-09-21 | 2012-03-22 | Taesung Kim | System and Method for Web Hosting Behind NATs |
US8165157B1 (en) * | 2000-06-21 | 2012-04-24 | Cisco Technology, Inc. | Maintaining network compatibility |
US20120099599A1 (en) * | 2009-06-29 | 2012-04-26 | Keraenen Ari | Method and Apparatus for Relaying Packets |
US20120144475A1 (en) * | 2009-02-06 | 2012-06-07 | Sagemcom Canada, Inc. | Scalable nat traversal |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006049251A1 (en) * | 2004-11-08 | 2006-05-11 | Matsushita Electric Industrial Co., Ltd. | Communication terminal, and communication method |
CN1909560A (en) * | 2005-08-03 | 2007-02-07 | 乐金电子(昆山)电脑有限公司 | Device and method for setting network address |
KR100930037B1 (en) * | 2007-12-17 | 2009-12-07 | 한국전자통신연구원 | Network address translation simulation method and system |
CN101262447B (en) * | 2008-04-21 | 2011-02-16 | 中国科学院计算技术研究所 | A method for system terminal to establish NAT channel penetration |
-
2011
- 2011-09-14 WO PCT/JP2011/005172 patent/WO2012046390A1/en active Application Filing
- 2011-09-14 US US13/512,902 patent/US8761170B2/en active Active
- 2011-09-14 CN CN201180004832.5A patent/CN102652413B/en active Active
- 2011-09-14 JP JP2012507209A patent/JP5771600B2/en active Active
Patent Citations (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8165157B1 (en) * | 2000-06-21 | 2012-04-24 | Cisco Technology, Inc. | Maintaining network compatibility |
US7346926B2 (en) * | 2002-01-22 | 2008-03-18 | Netseal Mobility Technologies Nmt Oy | Method for sending messages over secure mobile communication links |
US20040128554A1 (en) * | 2002-09-09 | 2004-07-01 | Netrake Corporation | Apparatus and method for allowing peer-to-peer network traffic across enterprise firewalls |
US20040088537A1 (en) * | 2002-10-31 | 2004-05-06 | Microsoft Corporation | Method and apparatus for traversing a translation device with a security protocol |
US7346770B2 (en) * | 2002-10-31 | 2008-03-18 | Microsoft Corporation | Method and apparatus for traversing a translation device with a security protocol |
US20060209822A1 (en) | 2005-03-18 | 2006-09-21 | Moe Hamamoto | Communication apparatus, communication system and communication method |
JP2006295909A (en) | 2005-03-18 | 2006-10-26 | Matsushita Electric Ind Co Ltd | Communication apparatus and system, and communication method |
US7522618B2 (en) | 2005-03-18 | 2009-04-21 | Panasonic Corporation | Communication apparatus, communication system and communication method |
US20070058644A1 (en) * | 2005-08-04 | 2007-03-15 | Cisco Technology, Inc. | Service for NAT traversal using IPSEC |
US20070189490A1 (en) * | 2006-02-01 | 2007-08-16 | Jung-Sic Sung | Data redirection system and method using Internet protocol private branch exchange |
US20070192434A1 (en) * | 2006-02-13 | 2007-08-16 | Fujitsu Limited | Network system, terminal, and gateway |
US20100008260A1 (en) * | 2006-12-04 | 2010-01-14 | Sun Cheul Kim | Method for configuring control tunnel and direct tunnel in ipv4 network-based ipv6 service providing system |
JP2008236278A (en) | 2007-03-20 | 2008-10-02 | Hitachi Ltd | Communication connection method and communication apparatus |
US20080259943A1 (en) * | 2007-04-20 | 2008-10-23 | Matsushita Electric Industrial Co., Ltd. | Ip communication apparatus and nat type determination method by the same |
US20120144475A1 (en) * | 2009-02-06 | 2012-06-07 | Sagemcom Canada, Inc. | Scalable nat traversal |
US20120099599A1 (en) * | 2009-06-29 | 2012-04-26 | Keraenen Ari | Method and Apparatus for Relaying Packets |
US20120011189A1 (en) * | 2010-04-07 | 2012-01-12 | Jeremy Matthew Werner | Apparatus and Method For Matching Users For Online Sessions |
US20120072548A1 (en) * | 2010-09-21 | 2012-03-22 | Taesung Kim | System and Method for Web Hosting Behind NATs |
Non-Patent Citations (6)
Title |
---|
Hideo Yoshimi et al., "NAT Traversal Technology of Reducing Load on Relaying Server for P2P Connections", The Institute of Electronics, Information and Communication Engineers, IEICE Technical Report, vol. 106, No. 236, NS2006-81, Sep. 7, 2006, pp. 63-68, with English translation. |
International Search Report issued Nov. 22, 2011 in International (PCT) Application No. PCT/JP2011/005172. |
J. Rosenberg et al., "RFC 3489: STUN-Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)", retrieved from the Internet: , Mar. 2003. |
J. Rosenberg et al., "RFC 3489: STUN—Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)", retrieved from the Internet: <URL: http://www.ietf.org/rfc/rfc3489.txt>, Mar. 2003. |
Prakash Iyer et al., "Internet Gateway Device: 1, Device Template Version 1.01 (Universal Plug and Play Internet Gateway Device (IGD) Version 1.0) ", Nov. 12, 2001. |
Tomohiro Fujisaki et al., "Optimizing Communications Under Multiple NATs Environment", IPSJ SIG Technical Report [CD-ROM (Dec. 2009)], vol. 2009-IOT-7, No. 5, Dec. 15, 2009, pp. 1-6, with English translation. |
Also Published As
Publication number | Publication date |
---|---|
WO2012046390A1 (en) | 2012-04-12 |
JPWO2012046390A1 (en) | 2014-02-24 |
JP5771600B2 (en) | 2015-09-02 |
CN102652413B (en) | 2015-10-21 |
US20120236854A1 (en) | 2012-09-20 |
CN102652413A (en) | 2012-08-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8761170B2 (en) | Communication device, communication method, integrated circuit, and program | |
US7830878B2 (en) | Virtual network connection system, virtual network connection apparatus, and computer-readable medium | |
US20050066035A1 (en) | Method and apparatus for connecting privately addressed networks | |
US20120317252A1 (en) | Method and system for address conflict resolution | |
US8364847B2 (en) | Address management in a connectivity platform | |
JP5323674B2 (en) | DNS (Domain Name System) registration apparatus, VPN (Virtual Private Network) connection management system, wide area DNS apparatus, DNS registration program, wide area DNS program, DNS registration method, and inter VPN connection management method | |
US8194566B2 (en) | Information processing device, and bubble packet transmission method and program | |
KR101880346B1 (en) | Relay device, communication scheme selection method, and storage medium for storing program | |
US9602333B2 (en) | DNS server, gateways and methods for managing an identifier of a port range in the transmission of data | |
JPWO2013172391A1 (en) | Multi-tenant system, switch, controller, and packet transfer method | |
CN107809386B (en) | IP address translation method, routing device and communication system | |
US10079802B2 (en) | Network transmission method and network transmission system for a multi-layer network address translator structure | |
US11683275B2 (en) | Device and method for interconnecting two subnetworks | |
JP2009010606A (en) | Tunnel connection system, tunnel control server, tunnel connecting device, and tunnel connection method | |
WO2014156143A1 (en) | Home gateway device and packet forwarding method | |
CN112019641B (en) | Data transmission method and device | |
JP5054666B2 (en) | VPN connection device, packet control method, and program | |
CN104518937B (en) | The method and device of the more communication between devices of virtual LAN VLAN | |
KR20070061036A (en) | Apparatus and method for sharing media inter homenetworks | |
JP5084716B2 (en) | VPN connection apparatus, DNS packet control method, and program | |
US8572283B2 (en) | Selectively applying network address port translation to data traffic through a gateway in a communications network | |
JP6403225B2 (en) | IP address resolution method for relay device, relay device, and program | |
JP5171608B2 (en) | VPN connection device, packet control method, and program | |
JP2012019361A (en) | Communication device, server device, communication system, communicating method, and integrated circuit | |
JP2007221740A (en) | Measures to avoid ip address conflict when utilizing vpn system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: PANASONIC CORPORATION, JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:TAKAGISHI, SATORU;FUSE, MASARU;MATSUSHITA, YOSUKE;REEL/FRAME:028824/0965 Effective date: 20120507 |
|
AS | Assignment |
Owner name: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PANASONIC CORPORATION;REEL/FRAME:033033/0163 Effective date: 20140527 Owner name: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AME Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PANASONIC CORPORATION;REEL/FRAME:033033/0163 Effective date: 20140527 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551) Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |